BCA

By John Riley

 Access to the Internet is easier than ever. It provides an unending fountain of  information on entertainment, credit and financial services, sports, politics, and countless other subjects. However, there is a downside… many internet users are careless in protecting their assets and identities in operating their websites/blogs as well as surfing the net.  As a result, hackers find a fertile landscape where they can ply their trade often with  stunning success.  Neither business, government or individuals are immune. While many businesses and the government have sophisticated layers of security in place to protect their systems, individuals must rely on commercial services.  Here’s what some of those experts suggest for individuals and families  to better secure your systems:

 Password security  (Information Technology Consultants Update Oct 9, 2009)

 If there is any indication your website/blog has  while surfing the Internet that your password has been compromised, immediately change that password and  investigate all your other passwords. Too often, a person will wait a day or two before taking action and by then it may be too late to prevent an economic loss.

 Stop re-using your password for multiple websites. If  the hacker figures out your password he will be able to access bank information, private e-mail or your other accounts.

 Vary your  mix of letters, numbers and symbols and use at least 8 characters for your  password. You can also mix up capital letters with lower case letters,

 Avoid using passwords that are personal, i.e. birthdays, wedding dates, addresses or children’s names.  If you write down your passwords, keep the papers in a secure location.

 Computer security (OnGuard Online.Gov 2010)

 Hackers will try to find home computers that are not well protected by security software and  install ‘malware’. Or they might send you an e-mail with attachments that will install malware when you open them. Once the bad software is installed, the affected computer becomes a BotNet and anonymously sends out thousands of spam e-mails. Millions of homes are part of BotNets and most families are unaware of it. That’s why it’s important to keep operating systems and Web browsers up to date at all times.

 Phishing is the biggest threat to the loss of personal information. Never reply to a phone call or e-mail requesting personal or financial information. Most reputable organizations do not use those means to obtain such information. Know who you are dealing with. Check out unknown callers by using Google Search, especially if they represent a ‘company’.  If they claim to represent a company, call the company and check. If not, be very cautious.

 Use security software that updates automatically. Be sure you have anti-virus, anti-spyware and a firewall at a minimum. And back up your important files regularly, i.e. daily or weekly.

 Wireless security (OnGuardonline.gov 2010)

Convenience and mobility are driving more computer users to utilize wireless connections to the Internet without realizing the risk.  A hacker with a wireless-ready computer can take over a users network and if the hacker commits a crime or sends spam, the incident can be traced back to the user’s account creating problems for the user. On Guard Online suggests  the following steps to protect yourself:

1)      Encrypt or scramble communications over the network. Buy a wireless router that has encryption features.

2)     Use anti-virus and anti-spyware software with a firewall

3)     Turn off wireless router identifier broadcasting that sends out signals to any device in the area announcing its presence.

4)     Routers usually have an identifier and a pre-set password for administration. Turn off the identifier and change the default password.

5)     Turn off your wireless network when you aren’t using it

6)     Don’t assume public ‘hot spots’ are secure

 When you have been attacked, report it immediately

Hacking or Computer Virus:  Send to the  FBI at www.ic3.gov.  Be sure to include the information in the hacker’s e-mail’s header (sender’s Internet Service Provider) and routing information along  with any other information you have. Without that information, the FBI has nothing to work with.

 Internet Fraud: Any fraud attempt involving shopping online or an Internet auction,

report it to the Federal Trade Commission, at ftc.gov

 Deceptive Spam:  Send the e-mail header and routing information to spam@uce.gov

 Phishing e-mail: The Anti-Phishing Working Group is a consortium of Internet Service Providers (ISP) security vendors, financial institutions and law enforcement agencies that rely on user reports to fight phishing. Send your report to reportphishing@antiphishing.org

 Identity Theft:  Send your report to the Federal Trade Commission at ftc.gov  

Go to ftc.gov/idtheft for information on how to minimize risk of theft identity.

 Most successful hackers succeed, not so much because of their prowess and analytical skills, but because so many people fail to realize or accept the threat to their security. It can be a costly mistake.  

 The final article, Cyber Espionage (5 of 5) Preparing for the Future,  will appear April 11.

 

By John Riley

  Chinese hackers penetrated White House e-mail archives and were able to sneak onto the network several times according to The Register, a British publication in 2008. 

 North Korean hackers managed to penetrate a website and obtain a secret U.S.-South Korean plan to defend the Korean peninsula in case of war according to a recent Defense News report.

 An investigation by The Wall Street Journal revealed an unnamed intruder was able to penetrate the Pentagon computers and steal terabytes of information about the design and electronic systems for the new $300 billion state-of-the-art Joint Strike Fighter project.  

 Every day, the Department of Defense detects 3 million unauthorized computer probes of its networks while the Department of State fends off 2 million probes according to a Right Side News report November 29, 2009.

 Several countries have state-of-the-art cyber espionage capabilities

 These incidents are typical of the daily threats that military, government contractors, and industry organizations are facing. Global Cyber CEO, Jody Westby, said in USA Today in January that China, Russia, North Korea, Iran, Israel, France, the United States and the United Kingdom are recognized as possessing state-of-the-art cyber espionage expertise which they use for economic and military intelligence gathering. Alan Paller, director of research for the Sans Institute said on Fox News, January 22, 2010, that over 100 countries have cyber espionage capabilities.  

 “It’s espionage on a massive scale” says Paul B. Kurtz, a former high-ranking national security official. In 2008, over 12,900 cyber security attacks had been reported to the Homeland Security Dept. which was triple the number from two years earlier. Air Force Lt. General, Robert Elder points out “ while much of the focus is on data loss or data gain, the biggest concern should be that an adversary manipulates data and we do not even recognize it.”

 U. S. power plants are vulnerable

 To make the point, a PC World story in early 2009 talked about hackers believed to be from China or Russia, had penetrated the U.S. electrical grid and were able to install “software tools” that would disrupt the grid system. The degree to which the grid had been accessed was not revealed, but investigators said the attack was ‘pervasive’ to the extent that control of U.S. power plants could be taken over by the hackers.

 Several studies have been made of U.S. cyber security policies and programs to improve security, each with a set of recommendations. One of the most recent was the Commission on Cyber Security under the leadership of Melissa Hathaway, which made its recommendations to the White House and congress in February, 2009, but little or no implementation has taken place. The most important proposal calls for the government to work more closely with the private sector, but also pointed out the need for emphasis on key infrastructure and coordination of preventive and responsive activities.

 The U. S. has no formal policy dealing with foreign threats

 Another reason for adopting Hathaway’s study recommendation for closer government-private sector coordination is the fact most of the critical infrastructure is owned and operated by the private sector. Without that coordination, it is very difficult to determine the targets and the nature of the threats.

 According to a Wall Street Journal online report, “the U.S. government and private industry seem to be in a reactive role, detecting intrusions and information losses only after the fact, with no cross-government or industry coordinated response. Efforts to coordinate standards and policies across the private sector and in government, therefore appear stalled.” A Computer World story adds, “The U.S. has no formal policy for dealing with foreign government-led threats against U.S interest in cyberspace.

 While there are obvious areas of concern about the state of  U.S. cyber security, it is entirely possible some of the recommendations of various organizations have not been ignored. Cyber security techniques are not something the government would want to share in any detail. Time will tell if the government may have quietly adopted some or many of the recommendations and advanced our cyber security more than is generally recognized.

 The next article, Cyber Espionage- (2 0f 5) Vulnerabilities are Many, will appear March 30..